Compliance with HIPAA’s security and privacy requirements can be daunting, especially for smaller physician practices and other healthcare providers that do not have the resources and expertise of a hospital or health system. To assist these providers, the US Department of Health & Human Services (HHS) recently released a security assessment tool to the public. HHS developed this application in collaboration with its Offices of Civil Rights, National Coordinator for Health Information Technology and General Counsel.
Key information about this tool:
- The application is available to the public at no charge and can be downloaded from the following website: https://www.healthit.gov/providers-professionals/security-risk-assessment-tool
- The application is available for both Windows operating systems and Apple iPads.
- The application walks the user through nearly 160 questions that tie to the various HIPAA security and privacy requirements, and assists the user in preparing the required risk assessment.
- The application stores the user’s responses, comments and remediation plans, and can produce a risk assessment report.
- According to the government’s website, this “tool serves as your local repository for the information and does not send your data anywhere else.”
- A paper-based version of the tool is also available for download from the above website.
HHS’ announcement of this application highlights its use and importance:
By conducting these risk assessments, healthcare providers can uncover potential weaknesses in their security policies, processes and systems. Risk assessments also help providers address vulnerabilities, potentially preventing health data breaches or other adverse security events. A vigorous risk assessment process supports improved security of patient health data.
Please contact David Bongiovanni at firstname.lastname@example.org with any questions you may have. He can also be reached by phone at 609-514-1400.